What Would Bobby Fischer Do? Taking a Cybersecurity Lesson from a Chess Master
There’s a great expression that those of you who study chess will be familiar with. A Master will often tell a student to “look at the whole board,” but this instruction is not to be taken literally. It means that the student needs to consider several things: One, the potential impact of all the moves that have been played; two, all the potential moves they can anticipate making through the end of the game, and three, all the moves they can anticipate their opponent making. A small expression to describe a herculean task! Now, although this saying could be applied to many situations, a chess game is far easier to conquer than, say, cybersecurity because you have one opponent and can study his strategy. In the realm of cybersecurity, however, your opponents are legion and their weapons are many.
Protecting your digital assets is very much like looking at the whole board. A proper defense is not just one thing, but comprises a systematic construct of what you know (past events, known best practices, proven strategies), what measures you plan on putting in place, and the anticipation of what your adversaries might try to do. This would be augmented by an endless cascade of if/then planning and dry runs to prepare for an attack.
A security program should not be static but a living, breathing thing that is ever-changing based upon the observations you make and information you gather. It is a series of defenses and actions premised on what your opponent is doing to others, and perhaps will do to you. For this reason, technology alone won’t guarantee success. While best practices around firewalls, protection systems, network configurations, passwords and processes is essential, people—as in …
[ Read More ]